Security

April 30, 2013

SECURITY

Tools of the Trade: The Compressed Pcap Packet Indexing Program

The Compressed Pcap Packet Indexing Program (cppip) is a tool to enable extremely fast extraction of packets from a compressed pcap file. This tool is intended for security and network folk who work with large pcap files. This article provides a complete discussion of the tool and is split into two parts.

April 24, 2013

SECURITY

Possible Exploit Vector for DarkLeech Compromises

Often it is quite surprising how long old, well-known vulnerabilities continue to be exploited. Recently, a friend sent me an example of a malicious script used in an attempted attack against their server: The script attempted to exploit the Horde/IMP Plesk Webmail Exploit in vulnerable versions of the Plesk control panel. By injecting malicious PHP code in the username […]

April 23, 2013

SECURITY

Latest Oracle Java Patches and Security Best Practices

Java exploits account for 87% of total web exploits – Cisco 2013 Annual Security Report

This month’s release of the Oracle Java SE Critical Patch Update includes patches for 42 vulnerabilities. Vulnerabilities in the Oracle Java SE Java Runtime Environment (JRE) component have received widespread attention as of late because of the potential for an attacker to bypass […]

April 22, 2013

SECURITY

London Calling

The Infosec London Conference is coming up this week, running April 23-25 at the Earl’s Court Exhibition Center. Cisco will be there of course, in a booth showing the latest Cisco security innovations and presenting four papers on:

• “Securely Accelerate Access to Data Center Applications” (Tuesday, April 23, 10:30)
• “The Changing Landscape of Identity: Is […]

April 22, 2013

SECURITY

Customized WordPress, Joomla Brute Force Login Attempts

In recent weeks, the occurrence of brute force login attempts targeting WordPress and Joomla installations has significantly increased in volume, with some entities reporting triple the attempts seen in the past. The attack volume has been so severe that it has led some hosting providers to block all attempts to access wp-login.php, even for site […]

April 22, 2013

SECURITY

CVRF: A Penny For Your Thoughts

The Common Vulnerability Reporting Framework (CVRF) is a security automation standard intended to make your life easier by offering a common language to exchange traditional security and vulnerability bulletins, reports, and advisories. You can read more about it on the official ICASI CVRF 1.1 page, in my CVRF 1.1 Missing Manual blog series, or in […]

April 19, 2013

SECURITY

Security Automation Live Webcast!

UPDATE: Webcast information is also now available at the Cisco Live 365 site.

Many network security administrators are struggling to keep their network “up-to-date” with the constant release of new vulnerabilities and software fixes. At the same time, they’re under pressure to provide near 100% availability of key business services and systems. Every time a […]

April 18, 2013

SECURITY

Yesterday Boston, Today Waco, Tomorrow Malware

At 10:30 UTC, one of the botnet spam campaigns we discussed yesterday shifted its focus to the recent explosion in Texas. The miscreants responded to the tragic events in Texas almost immediately. The volume of the attack is similar to what we witnessed yesterday, with the maximum volume peaking above 50% of all spam sent. We've seen 23 unique sites hosting the malware. This is an attempt to grow the botnet.

April 18, 2013

SECURITY

Effective Global Threat Intelligence Doesn’t Just Happen

The concept of crowd sourcing cyber intelligence may sound like an unstructured process, but there’s more to it than that. First, you need to remember that all crowds consist of collections of individuals contributing to the community knowledge base. Second, someone has to take responsibility for gathering data from the crowd, analyzing it, and refining it into actionable information that crowd members can apply to their unique situations.